Hide Apache and PHP information - Bug Reaper


Monday 23 September 2013

Hide Apache and PHP information



An attacker will always try to find out your PHP and Apache versions using simple methods. Most bugs are version-specific. You can hide Apache and PHP information easily.
Get your Apache server information using telnet
Code:
telnet domain.com 80

When connected, type HEAD / HTTP/1.0, followed by the [Enter] key.

Output:
Code:
Trying 206.xxx.xxx.xxx...
Connected to your-domain-name.com.
Escape character is '^]'.
HEAD / HTTP/1.0
HTTP/1.0 200 OK
Date: Wed, 21 Aug 2013 11:30:42 GMT
Server: Apache/2.0.52 (Red Hat)
Accept-Ranges: bytes
Content-Length: 3985
Connection: close
Content-Type: text/html; charset=UTF-8
Connection closed by foreign host.


How do I Hide Apache Version info?
Open the httpd.conf file (located in the /etc/httpd/ or /etc/apache2/ directory)
Code:
vi httpd.conf

Change the ServerSignature line to: ServerSignature Off 
Change the ServerTokens line to: ServerTokens Prod
Restart Apache: /sbin/service httpd restart

How do I hide PHP info?
Open php.ini (located at /etc/php.ini or in the /etc/php5 or /etc/php4 directory)
Code:
vi php.ini

Change the expose_php line to: expose_php=Off
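
To confirm that both changes took effect, the response headers can be checked for leftover version details. The script below is an added example, not part of the original post; it assumes PHP's version disclosure appears as an X-Powered-By header, and the sample headers are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Reads raw HTTP response headers
# on stdin, prints every header that still discloses version details, and
# returns 0 if none leak, 1 otherwise.
check_banner() {
    awk '
        { sub(/\r$/, "") }            # tolerate CRLF line endings
        /^$/ { exit }                 # a blank line ends the header block
        tolower($0) ~ /^server:/ {
            # ServerTokens Prod leaves just "Server: Apache"; a version
            # number ("/2.0.52") or an OS tag ("(Red Hat)") is a leak.
            if ($0 ~ /\/[0-9]/ || $0 ~ /\(/) { print "LEAK: " $0; bad = 1 }
        }
        # With expose_php on, PHP adds an X-Powered-By header.
        tolower($0) ~ /^x-powered-by:/ { print "LEAK: " $0; bad = 1 }
        END { exit bad + 0 }
    '
}

# Constructed sample: the Server line is the one from the output above; the
# X-Powered-By value is made up for illustration.
BEFORE='HTTP/1.0 200 OK
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.0.0
Content-Type: text/html; charset=UTF-8
'
# Constructed sample: the same response after both settings are changed.
AFTER='HTTP/1.0 200 OK
Server: Apache
Content-Type: text/html; charset=UTF-8
'

# Print a one-line verdict for a named header sample.
report() {
    if printf '%s\n' "$2" | check_banner; then
        echo "$1: clean"
    else
        echo "$1: still leaking"
    fi
}

report BEFORE "$BEFORE"
report AFTER "$AFTER"
# Against your own server: curl -sI http://your-domain-name.com/ | check_banner
```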